Navigation
Recherche
|
A local root kernel vulnerability
mardi 20 juillet 2021, 16:35 , par LWN.net
Commit 8cae8cd89f05
went into the mainline kernel repository on July 19; it puts a limit on the size of buffers allocated in the seq_file mechanism and mentions 'int overflow pitfalls'. For more information, look to this Qualys advisory describing the vulnerability: We discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string '//deleted' to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. It may not sound like much, but they claim to have written exploits for a number of Ubuntu, Debian, and Fedora distributions. Updates from distributors are already flowing, and this patch has been fast-tracked into today's stable kernel updates as well.
https://lwn.net/Articles/863586/rss
|
56 sources (32 en français)
Date Actuelle
ven. 26 avril - 00:15 CEST
|